2008.3.20, high-risk virus warning.
The machine is extremely sluggish. It is basically unusable. All it can do is play movies.
59.34.197.188 21
203.208.37.104 80
ftp.exe
cmd.exe
qoq.exe
syssave.exe
ping.exe
soundman.exe
sss0.exe
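Actually, the main ones are ftp.exe, cmd.exe, and soundman.exe.
The rest are all dragged in by those~
Finally, here is what is actually the most important part: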
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc]
"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,73,00,70,00,78,00, 00,00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,6e,00,62,00,00, 00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,69,00,70,00,78,00, 00,00,00,00
Close port 135.
Block the 2 IPs I listed above.
Import the registry entries I provided.
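
As an added example (not part of the original post): the Python below decodes the hex(7) data (REG_MULTI_SZ, UTF-16LE) of the "DCOM Protocols" value listed above and checks whether the TCP/IP RPC protocol sequence ncacn_ip_tcp is still in the list. The function names are hypothetical and exist only for this example.

```python
import re

# "DCOM Protocols" data copied from the registry snippet in the post.
DCOM_PROTOCOLS = (
    "hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,73,00,70,00,78,00, "
    "00,00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,6e,00,62,00,00, "
    "00,6e,00,63,00,61,00,63,00,6e,00,5f,00,6e,00,62,00,5f,00,69,00,70,00,78,00, "
    "00,00,00,00"
)


def parse_reg_multi_sz(value):  # hypothetical helper name
    """Decode a .reg 'hex(7):' value (REG_MULTI_SZ, UTF-16LE) into a list."""
    kind, sep, body = value.partition(":")
    if not sep or kind.strip().lower() != "hex(7)":
        raise ValueError("not a hex(7) / REG_MULTI_SZ value")
    # Remove .reg line-continuation backslashes and all whitespace.
    body = re.sub(r"[\\\s]", "", body)
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    if len(raw) % 2:
        raise ValueError("odd byte count, cannot be UTF-16LE")
    # Entries are NUL-terminated; an empty entry marks the end of the list.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def dcom_tcp_listed(protocols):  # hypothetical helper name
    """True if the TCP/IP RPC protocol sequence is in the list."""
    return any(p.lower() == "ncacn_ip_tcp" for p in protocols)


def to_hex7(strings):  # hypothetical helper, builds constructed test input
    raw = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    protocols = parse_reg_multi_sz(DCOM_PROTOCOLS)
    print("protocol sequences:", protocols)
    print("ncacn_ip_tcp listed:", dcom_tcp_listed(protocols))
```

The same parser can be pointed at a value exported from a live machine to confirm the import took effect.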